The draft NIST recommendation for the usage of CVE-compatible products
is available for commentary by February 18.
See http://csrc.nist.gov/publications/drafts.html
The draft NIST recommendation "Use of the CVE Vulnerability Naming
Scheme Within its Acquired Products and Information Technology
Security Procedures" advises agencies on the use of the Common
Vulnerability and Exposures (CVE) vulnerability naming scheme. It
recommends that agencies give substantial consideration to buying
products and services compatible with the CVE naming scheme. The
recommendation also advises agencies to periodically monitor their
systems for vulnerabilities listed in the CVE vulnerability naming
scheme. Agencies are also advised to use the CVE naming scheme in
their communications and descriptions of vulnerabilities. You are
invited to submit any comments you may have to both Peter Mell and
Timothy Grance at peter.mell@nist.gov and timothy.grance@nist.gov by
February 18, 2002.
- Steve